<?php

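/**
 * Refresh the admin permission set stored in the session for the current user.
 *
 * Reads the uid from $_G["profile"]["uid"] when isLogined() reports a login,
 * asks allowLogin() whether that uid may use the admin area, and on success
 * stores the row returned by getPermissions() in $_SESSION["admin"].
 *
 * On every denial path the previously stored $_SESSION["admin"] is removed, so
 * a logged-out user or one whose admin access was revoked does not keep the
 * permission set loaded by an earlier call.
 *
 * @return bool true when the permissions were loaded, false when access is denied.
 */
function deal_session()
{
    global $_G;

    if (!isLogined()) {
        // Fail closed: drop any permission set left over from an earlier call.
        unset($_SESSION["admin"]);
        return false;
    }

    $uid = $_G["profile"]["uid"];

    if (!allowLogin($uid)) {
        // Access revoked or never granted: do not keep stale permissions around.
        unset($_SESSION["admin"]);
        return false;
    }

    // NOTE(review): if this runs once at the moment of admin login (rather than
    // on every request), rotating the session id at this point would limit
    // session fixation; the call frequency is not visible from this file.
    $_SESSION["admin"] = getPermissions($uid);
    return true;
}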

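/**
 * Report whether the current session holds the named admin permission.
 *
 * The previous body returned true unconditionally, with the real check left in
 * a trailing comment, so every permission test passed for every caller. This
 * restores that check: the permission must be present in $_SESSION["admin"].
 *
 * @param string|int $permission Key to look up in $_SESSION["admin"].
 * @return bool true only when the key is set in the session's permission set.
 */
function hasPermission($permission)
{
    // Anything that cannot be an array key cannot name a permission: deny.
    if (!is_string($permission) && !is_int($permission)) {
        return false;
    }

    // NOTE(review): isset() is true for any non-null entry, including a value
    // stored as '0'. If $_SESSION["admin"] holds flag columns, confirm against
    // the table schema whether a truthiness check is needed here instead.
    return isset($_SESSION["admin"][$permission]);
}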


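/**
 * Fetch the `admin_permissions` row for a user.
 *
 * The uid is bound as a statement parameter instead of being interpolated into
 * the SQL text, so its value cannot change the structure of the query.
 *
 * On a database failure the detailed error goes to the server log and only a
 * generic message is printed before exit(), so driver and schema details are
 * not sent to the client.
 *
 * @param mixed $uid User id to look up; bound as a string to keep the original
 *                   quoted-literal comparison.
 * @return array|null|false Result of mysqli_fetch_assoc(): the first matching
 *                          row, or null when no row matches.
 */
function getPermissions($uid)
{
    $con = getConnection();

    $result = false;
    $stmt = mysqli_prepare($con, "SELECT * FROM `admin_permissions` WHERE `uid` = ?");
    if ($stmt) {
        // bind_param takes its arguments by reference, hence the local copy.
        $uidParam = (string) $uid;
        mysqli_stmt_bind_param($stmt, "s", $uidParam);
        if (mysqli_stmt_execute($stmt)) {
            // mysqli_stmt_get_result() is only available with the mysqlnd driver.
            $result = mysqli_stmt_get_result($stmt);
        }
    }

    if (! $result) {
        $detail = $stmt ? mysqli_stmt_error($stmt) : mysqli_error($con);
        error_log("getPermissions: query failed: " . $detail);
        printf("Error: %s\n", "database query failed");
        exit();
    }

    $row = mysqli_fetch_assoc($result);
    mysqli_free_result($result);
    mysqli_stmt_close($stmt);
    return $row;
}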

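/**
 * Check whether a user has a row in `admin_permissions` with `allow_admin` = '1'.
 *
 * The uid is bound as a statement parameter instead of being interpolated into
 * the SQL text, so its value cannot change the structure of the query.
 *
 * On a database failure the detailed error goes to the server log and only a
 * generic message is printed before exit(), so driver and schema details are
 * not sent to the client.
 *
 * @param mixed $uid User id to check; bound as a string to keep the original
 *                   quoted-literal comparison.
 * @return bool true when at least one matching row exists, false otherwise.
 */
function allowLogin($uid)
{
    $con = getConnection();

    $ok = false;
    $stmt = mysqli_prepare(
        $con,
        "SELECT uid FROM `admin_permissions` WHERE `uid` = ? AND `allow_admin` = '1'"
    );
    if ($stmt) {
        // bind_param takes its arguments by reference, hence the local copy.
        $uidParam = (string) $uid;
        mysqli_stmt_bind_param($stmt, "s", $uidParam);
        // store_result buffers the rows so that num_rows is meaningful.
        $ok = mysqli_stmt_execute($stmt) && mysqli_stmt_store_result($stmt);
    }

    if (! $ok) {
        $detail = $stmt ? mysqli_stmt_error($stmt) : mysqli_error($con);
        error_log("allowLogin: query failed: " . $detail);
        printf("Error: %s\n", "database query failed");
        exit();
    }

    $rows = mysqli_stmt_num_rows($stmt);
    mysqli_stmt_close($stmt);
    return $rows > 0;
}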
?>